CVE-2014-3908 in Amazon Kindle App
Сводка (Английский)
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Резервировать
27.05.2014
Раскрытие
30.08.2014
Записи
VulDB provides additional information and datapoints for this CVE:
| ИД | Уязвимость | CWE | Экс | Кон | CVE |
|---|---|---|---|---|---|
| 67433 | Amazon Kindle App SSL Certificate слабое шифрование | 310 | недоказанный | Официальное исправление | CVE-2014-3908 |